Receives email with blank body

Martin Hepworth maxsec at gmail.com
Tue Oct 23 16:24:44 IST 2012


And also look at the archive for the original message and the logs for the
message to see what MS thought of the email and what it did with it.

-- 
Martin Hepworth, CISSP
Oxford, UK


On 23 October 2012 11:22, Joolee <mailscanner at joolee.nl> wrote:

> Compare the e-mail the customer received (the source code, not the view)
> and the original archive file.
> You might post both versions to the mailing list after stripping personal
> information.
>
>
> On 23 October 2012 11:21, Budi Febrianto <bfebrian.milis at gmail.com> wrote:
>
>> Dear all,
>>
>> I have the archive file that the user received as a blank email.
>> Is there anything that I can do with it? Test it? Debug?
>>
>> Best Regards
>>
>>
>> On Thu, Oct 11, 2012 at 10:25 AM, Budi Febrianto <
>> bfebrian.milis at gmail.com> wrote:
>>
>>> Dear Martin,
>>>
>>> Already activated the archive facility.
>>> What is the proper way to inject and debug mailscanner/sendmail?
>>>
>>> This is what I did, and maybe I did it wrong.
>>> shut down the mailscanner
>>> copy the archive from /var/spool/MailScanner/archive/(date) to
>>> /var/spool/mqeue
>>> run mailscanner with --debug
>>>
>>> Mailscanner ran, and then stopped, with some error related to mailwatch
>>> about commit, but nothing else
>>>
>>> Best Regards
>>>
>>>
>>> On Tue, Oct 9, 2012 at 1:31 AM, Martin Hepworth <maxsec at gmail.com> wrote:
>>>
>>>> Doubt it, unless the antivirus on the Domino server did something to
>>>> it, all Mailwatch does is log the information.
>>>>
>>>> Can you replay messages at all - i.e. do you use the archive facility so
>>>> you can inject the message again while running in debug mode?
>>>>
>>>>
>>>>
>>>> --
>>>> Martin Hepworth, CISSP
>>>> Oxford, UK
>>>>
>>>>
>>>> On 8 October 2012 18:05, Budi Febrianto <bfebrian.milis at gmail.com> wrote:
>>>>
>>>>> Dear Martin,
>>>>>
>>>>> This does not always happen with big emails; many big emails are still
>>>>> delivered without any problems.
>>>>>
>>>>> This problem appears to be random, but often.
>>>>>
>>>>> The next host is the mail server, which is Lotus Domino 8.5.
>>>>>
>>>>> Is it possible that the anti virus or mailwatch somehow altered the
>>>>> mail format?
>>>>>
>>>>> Best regards
>>>>> On Oct 8, 2012 11:39 PM, "Martin Hepworth" <maxsec at gmail.com> wrote:
>>>>>
>>>>>> Is this consistent with large emails above the spam checks size limit?
>>>>>>
>>>>>> If it is, you could run a test in debug mode of a large email to see
>>>>>> what's going flakey.
>>>>>>
>>>>>> I presume the next host down the line (192.168.10.17) is handling
>>>>>> this OK?
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Martin Hepworth, CISSP
>>>>>> Oxford, UK
>>>>>>
>>>>>>
>>>>>> On 8 October 2012 16:27, Budi Febrianto <bfebrian.milis at gmail.com> wrote:
>>>>>>
>>>>>>> Dear Martin,
>>>>>>>
>>>>>>> Thank you for the reply, but I don't see anything strange in the
>>>>>>> maillog
>>>>>>>
>>>>>>> [root at spam log]# cat maillog.1 | grep q917UfQF014676
>>>>>>> Oct  1 14:30:58 spam sendmail[14676]: q917UfQF014676: from=<
>>>>>>> cory.margaret at abc.com>, size=340562, class=0, nrcpts=1, msgid=<
>>>>>>> E430C752C711024D996D49014F27FD10A78D9B at MT-XC-02-CB.abc.com>,
>>>>>>> proto=ESMTP, daemon=MTA, relay=ln-static-202-77-100-39.link.net.id
>>>>>>> [202.77.100.39] (may be forged)
>>>>>>> Oct  1 14:30:58 spam sendmail[14676]: q917UfQF014676: to=<
>>>>>>> amiws at xyz.co.id>, delay=00:00:11, mailer=smtp, pri=370562,
>>>>>>> stat=queued
>>>>>>> Oct  1 14:30:59 spam MailScanner[13678]: Message q917UfQF014676 from
>>>>>>> 202.77.100.39 (cory.margaret at abc.com) to xyz.co.id is too big for
>>>>>>> spam checks (341198 > 200000 bytes)
>>>>>>> Oct  1 14:30:59 spam MailScanner[13678]: Logging message
>>>>>>> q917UfQF014676 to SQL
>>>>>>> Oct  1 14:30:59 spam MailScanner[13945]: q917UfQF014676: Logged to
>>>>>>> MailWatch SQL
>>>>>>> Oct  1 14:31:00 spam sendmail[14693]: q917UfQF014676: to=<
>>>>>>> amiws at xyz.co.id>, delay=00:00:13, xdelay=00:00:01, mailer=smtp,
>>>>>>> pri=460562, relay=[192.168.10.17] [192.168.10.17], dsn=2.0.0, stat=Sent
>>>>>>> (Message accepted for delivery)
>>>>>>>
>>>>>>> Best Regards
>>>>>>>
>>>>>>> On Mon, Oct 8, 2012 at 6:53 PM, Martin Hepworth <maxsec at gmail.com> wrote:
>>>>>>>
>>>>>>>> Check the MailScanner logs for that message to see if it's doing
>>>>>>>> anything 'unusual' with the message.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Martin Hepworth, CISSP
>>>>>>>> Oxford, UK
>>>>>>>>
>>>>>>>>
>>>>>>>> On 8 October 2012 11:30, Budi Febrianto <bfebrian.milis at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Dear all,
>>>>>>>>>
>>>>>>>>> My customer has problems with their mailscanner installation,
>>>>>>>>> sometimes users receive emails with a blank body. I already searched the web for
>>>>>>>>> possible reasons, but can't find any.
>>>>>>>>>
>>>>>>>>> This is the configuration:
>>>>>>>>>
>>>>>>>>> MailScanner 4.84.5
>>>>>>>>> Centos 6.2 64 bit
>>>>>>>>> Sendmail 8.13
>>>>>>>>> MailWatch-1.1.5.1
>>>>>>>>> ClamAV 0.96.5
>>>>>>>>>
>>>>>>>>> Best regards
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> MailScanner mailing list
>>>>>>>>> mailscanner at lists.mailscanner.info
>>>>>>>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>>>>>>>
>>>>>>>>> Before posting, read http://wiki.mailscanner.info/posting
>>>>>>>>>
>>>>>>>>> Support MailScanner development - buy the book off the website!
>>>>>>>>>
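An added example, not part of the original thread: one way to carry out the comparison suggested above between the archived copy and the source of the message the user received. It assumes both copies are available as raw RFC 822 text; the sample messages and the function names `part_summary` and `compare` are constructed for illustration.

```python
import email
import hashlib
from email import policy

# Constructed sample: the archived (pre-scan) copy of a message.
ARCHIVED = b"""\
From: sender@example.com
Subject: report
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Quarterly figures attached.
--b1
Content-Type: text/html; charset=us-ascii

<p>Quarterly figures attached.</p>
--b1--
"""
# Constructed sample: the delivered copy, with an extra hop header and an emptied text part.
DELIVERED = b"Received: from gateway.example\n" + ARCHIVED.replace(
    b"Quarterly figures attached.\n", b"\n")

def part_summary(raw):
    """Return (content type, decoded size, digest) for every leaf MIME part."""
    out = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        body = (part.get_payload(decode=True) or b"").replace(b"\r\n", b"\n").strip()
        out.append((part.get_content_type(), len(body), hashlib.sha256(body).hexdigest()))
    return out

def compare(archived, delivered):
    """Report MIME parts that were dropped, emptied or altered after archiving."""
    a, d = part_summary(archived), part_summary(delivered)
    findings = []
    if len(a) != len(d):
        findings.append(f"part count changed: {len(a)} -> {len(d)}")
    for i, ((atype, asize, ahash), (dtype, dsize, dhash)) in enumerate(zip(a, d)):
        if asize > 0 and dsize == 0:
            findings.append(f"part {i} ({atype}): body emptied ({asize} -> 0 bytes)")
        elif (atype, ahash) != (dtype, dhash):
            findings.append(f"part {i} ({atype}): altered ({asize} -> {dsize} bytes)")
    return findings

print(compare(ARCHIVED, DELIVERED))
```

On real data, read each file with `open(path, "rb").read()` and pass the bytes to `compare`; an empty list means every MIME part survived unchanged apart from line endings.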